Data Privacy Policy

INTRODUCTION

Link Net is committed to protecting the Privacy and data of our Data Subjects with utmost respect and due care. This Data Privacy Policy (referred to as “Policy”) establishes the mandatory requirements of Axiata Group with respect to protection of Personal Data.
This is an overarching Policy and together with relevant underlying Privacy procedures, templates and guidelines provide the breadth and depth needed to meet Axiata Group’s Data Privacy requirements.

GUIDING PRINCIPLES

Link Net activities and Privacy practices are underpinned by the T.R.U.S.T. principles, which are laid out below:

Transparent

We are TRANSPARENT about what, why and how we collect and protect YOUR PERSONAL DATA so that YOU can make informed decisions.

Rights

We respect YOUR RIGHTS as individuals, so YOU are in control of YOUR PERSONAL DATA.

Use

We USE YOUR PERSONAL DATA for specific and stated purposes and keep it for as long as required only.

Security

We have established robust CYBER SECURITY PRACTICES in line with leading industry standards to protect YOUR PERSONAL DATA that YOU have shared with us.

Transfer

With YOUR CONSENT or in accordance with APPLICABLE LAWS we may TRANSFER YOUR PERSONAL DATA and will take appropriate steps to ensure it is adequately protected.

SCOPE AND APPLICABILITY

This Policy applies to all Stakeholders of Axiata Group, which includes subsidiaries and associated companies that the Group has a controlling stake or ownership. Companies or entities in which Link Net does not have a controlling stake are encouraged to adopt this Policy.

This Policy shall apply to the end-to-end processing of Personal Data of customers, employees and all other stakeholders (collectively referred to as “Data Subjects”), may it be in the form of digital, on paper or other materials. This Policy applies to all the employees, contract staff and vendors who process personal data on the Company’s behalf.

Link Net shall comply with Applicable Privacy Laws. To the extent this Policy contradicts or is inconsistent with requirements to any law, statute or regulation, the higher standards shall prevail.

DATA PRIVACY PRACTICES

In order to comply with and operationalize the T.R.U.S.T. principles, Link Net shall implement the following Data Privacy Practices:

LAWFULNESS, FAIRNESS, AND TRANSPARENCY

  1. Link Net shall process Personal Data lawfully, fairly and in a transparent manner. Link Net shall provide the data subjects with a Privacy Notice which specifies details on the purpose for which the Personal Data is being collected and processed, source of the Personal Data, class of the third parties to which the Personal Data is disclosed or may be disclosed to, security measures towards protection of Personal Data, data retention requirements, rights available to Data Subjects and other relevant information in line with Applicable Privacy Laws.
  2. Link Net shall process Personal Data when it is necessary and meets at least one of the following lawful bases for processing:
    1. where the Data Subject has given their consent for their Personal Data to be processed. Any processing shall be strictly within the purposes for which the consent is given;
    2. where the Processing is necessary for the performance of a contract with the Data Subject;
    3. where steps are to be taken at the request of the Data Subject with a view to entering into a contract;
    4. where the Processing is necessary to comply with legal obligations/regulatory requirement and for the exercise of any functions conferred on any person by or under any law;
    5. where it required for administration of justice and/or public interest for the purposes of state administration
    6. to protect the vital interests of Data Subjects
    7. any other lawful base for Processing Personal Data as stated by Applicable Privacy Laws.
  3. Link Net shall also ensure that while Processing Sensitive Personal Data explicit consent is required of Data Subjects except for other lawful bases stated below:
    1. exercising or performing any right or obligation which is conferred or imposed by law on the Company in connection with employment
    2. any legal proceedings
    3. obtaining legal advice
    4. establishing, exercising or defending legal rights
    5. where the Processing is necessary to protect the vital interest of the Data Subject or another person
    6. any other lawful base for Processing Sensitive Personal Data as stated by Applicable Privacy Laws.
  4. Link Net shall take reasonable steps to maintain accurate, complete, not misleading and up to date Personal Data only for the purpose(s) identified in the Privacy Notice.
  5. Link Net shall ensure that Personal Data collected and processed shall be adequate, relevant and not excessive for the purpose(s) identified in the Privacy Notice.

DATA SUBJECT RIGHTS

Link Net respects the rights of Data Subjects and shall provide them with the opportunity and platform to exercise their rights. Link Net shall establish processes for receiving, recording and responding to some or all of the below mentioned data subject rights in accordance with the Applicable Privacy Laws:

  • Right to be informed
  • Right to access
  • Right to correct personal data
  • Right to withdraw consent
  • Right to prevent Processing in certain circumstance (e.g. prevent direct marketing, Processing that is likely to cause distress)
  • Right to erasure (to be forgotten)
  • Right to data portability.

RETENTION AND DISPOSAL

Link Net shall define and document retention periods for various categories of Personal Data in accordance with the stated purpose or as required by the law. Link Net shall ensure that Personal Data is retained as per the defined retention periods. Post expiry of the retention period, Personal Data shall be securely disposed or de-identified.

PRIVACY BY DESIGN

Privacy by Design is a methodology that enables Privacy to be built into the design and architecture of systems, products and processes.
Link Net shall adopt Privacy by Design methodology by ensuring Data Privacy issues are considered at the design phase of any system, service, product or process and then throughout the Personal Data lifecycle.
Link Net shall conduct Data Protection Impact Assessments (DPIAs) to identify underlying Privacy risks in the high-risk personal data Processing activities.

VENDOR PRIVACY MANAGEMENT AND CROSS-BORDER DATA TRANSFER

Link Net shall establish processes with respect to managing high- risk data processing vendors from a Data Privacy standpoint. The processes shall include the below tabulated activities:

Due Diligence

Conduct out due diligence on the prospective high-risk vendor’s information security and Privacy posture prior to onboarding them

Data Processing Agreements

Include adequate Privacy and information security clauses in the contractual agreement executed with the vendors

Periodic Vendor Assessment

Carry out periodic assessment of the existing high-risk vendors’ compliance with contractual and regulatory obligations

DPIAs for Projects

Carry out DPIAs prior to onboarding high-risk projects from existing vendors

Link Net shall assess the permissibility of Cross-Border Data Transfers in accordance with Applicable Privacy Laws. Further, Link Net shall also ensure that necessary safeguards (such as Data Transfer Agreements) are in place to protect all the Cross-Border Data Transfers.

PRIVACY INCIDENT AND DATA BREACH MANAGEMENT

Link Net shall define and implement a process for reporting, assessing, resolving, communicating, escalating, notifying, and performing of any other actions required in the effective management of Privacy incidents and data breaches.

SECURITY

Link Net shall implement appropriate technical safeguards and organizational measures to maintain the confidentiality, integrity and availability of Personal Data.

AUDIT, REVIEW AND REPORTING

Link Net shall carry out periodic Privacy audits on their data Processing environment to monitor its compliance against this Policy, Group Privacy standards and Applicable Privacy Laws.

TRAINING AND AWARENESS

Link Net shall mandate annual Data Privacy awareness trainings for their employees and contract staff. Link Net shall also raise awareness through knowledge sharing sessions, e-mailers, posters, Privacy campaigns and other such means.